1.  DATE  OF  ORDER

09-10-2012 


2.  CONTRACT  NO.  (If  any)
GS35F0306J 


3.  ORDER  NO. 

FERCT12- 0002 


MODIFICATION  NO.

4.  REQUISITION/REFERENCE  NO.

See  SCHEDULE


5.  ISSUING  OFFICE  (Address  correspondence  to) 

Federal  Energy  Regulatory  Commission 
Procurement  Division 
Attn:

888  First  Street,   NE,    Room  4J 
Washington  DC  20426 


a.  NAME  OF  CONSIGNEE 

Federal  Energy  Regulatory  Commission 


b.  STREET  ADDRESS
Warehouse  P-l 
Attn: 

888  First  Street,   NE,  Warehouse  P-l 


c.  CITY 

Washington 


d.  STATE 
DC 


e.  ZIP  CODE
20426 


7.  TO:


a. NAME  OF  CONTRACTOR 

BOOZ  ALLEN  HAMILTON  INC. 


8.  TYPE  OF  ORDER 


b.  COMPANY  NAME 


c.  STREET  ADDRESS 

8283   GREENSBORO  DR 


d.  CITY 
MCLEAN 


e.  STATE
VA 


f.  ZIP  CODE
221024904 


□ 


a.  PURCHASE 


REFERENCE  YOUR  

Please  furnish  the  following  on  the  terms  and 
conditions  specified  on  both  sides  of  this  order 
and  on  the  attached  sheet,  if  any,  including 
delivery  as  indicated. 


b.  DELIVERY 


Except  for  billing  instructions  on  the  reverse,  this 
delivery  order  is  subject  to  instructions 
contained  on  this  side  only  of  this  form  and  is 
issued  subject  to  the  terms  and  conditions 
of  the  above-numbered  contract. 


9.  ACCOUNTING  AND  APPROPRIATION  DATA

See  CONTINUATION  Page


10.  REQUISITIONING  OFFICE  ISS 


11.  BUSINESS  CLASSIFICATION  (Check  appropriate  box(es))
[ ]  a.  SMALL    [X]  b.  OTHER  THAN  SMALL    [ ]  c.  DISADVANTAGED    [ ]  d.  WOMEN-OWNED

[ ]  f.  SERVICE-DISABLED  VETERAN-OWNED

[ ]  g.  WOMEN-OWNED  SMALL  BUSINESS  (WOSB)  ELIGIBLE  UNDER  THE  WOSB  PROGRAM    [ ]  h.  EDWOSB


12.  F.O.B.  POINT 

N/A 


13.  PLACE  OF

a.  INSPECTION

b.  ACCEPTANCE


14.  GOVERNMENT  B/L  NO. 


15.  DELIVER  TO  F.O.B.  POINT 
ON  OR  BEFORE  (Date) 


16.  DISCOUNT  TERMS 


17.  SCHEDULE  (See  reverse  for  Rejections) 


See  CONTINUATION  Page 


ITEM  NO.  (a)

SUPPLIES  OR  SERVICES  (b)

QUANTITY  ORDERED  (c)

UNIT  (d)

UNIT  PRICE  (e)

AMOUNT  (f)

QUANTITY  ACCEPTED  (g)


$0.00
$0.00
$0.00
$0.00
$0.00
$0.00
$0.00
$0.00
$0.00
$0.00

SEE  BILLING 
INSTRUCTIONS 
ON 
REVERSE 


18.  SHIPPING  POINT


19.  GROSS  SHIPPING  WEIGHT


20.  INVOICE  NO. 


21.  MAIL  INVOICE  TO:


a.  NAME

Federal  Energy  Regulatory  Commission 
Division  of  Financial  Services 


b.  STREET  ADDRESS  (or  P.O.  Box)

Attn:  Payment/Invoice 

888  First  Street,   NE,    Room  42-71 


PHONE: 
FAX: 


c.  CITY 

Washington 


d.  STATE 
DC 


e.  ZIP  CODE 
20426 


$81,807.96 


17(h).
TOTAL
(Cont.
pages)


17(i).
GRAND
TOTAL


22.  UNITED  STATES  OF  AMERICA
BY  (Signature)


23.  NAME  (Typed)

Shirley  Ruiz-Lundgren 

 TITLE:  CONTRACTING/ORDERING  OFFICER 


AUTHORIZED  FOR  LOCAL  REPRODUCTION 
PREVIOUS  EDITION  NOT  USABLE 


OPTIONAL  FORM  347    (REV.  2/2012) 
PRESCRIBED  BY  GSA/FAR  48  CFR  53.213(f) 


A.1  Price/Cost  Schedule


Item  Information


| ITEM NUMBER | DESCRIPTION OF SUPPLIES/SERVICES | QUANTITY | UNIT | UNIT PRICE | AMOUNT |
|---|---|---|---|---|---|
| 00002 | Technology - Provide a detailed description of recommended hardware, software, and services to be used to execute the solution. If multiple options are being recommended, a detailed description of each platform will be provided, including associated risks with each option. Funding/Req. Number: 1  $55,108.86  0000027043 | 1.00 | ea | $55,108.8600 | $55,108.86 |
| 00003 | Use Cases - Provide document use cases that clearly demonstrate how the recommended solutions will satisfy the business requirements as defined for each individual assessment. Funding/Req. Number: 1  $3,551.22  0000027043 | 1.00 | ea | $3,551.2200 | $3,551.22 |
| 00005 | Federal Agency Examples - Provide a list of two or more other federal agencies that are currently using the proposed solutions. Provide references and/or contacts for each example. Funding/Req. Number: 1  $3,551.22  0000027043 | 1.00 | ea | $3,551.2200 | $3,551.22 |
| 00007 | Cost Estimate - Each solution that is proposed will contain a complete cost estimate that includes estimated costs to procure, license and implement all hardware, software, and services recommended in the assessment. Period of Performance for all CLINs contained herein is from: September 13, 2012 - October 12, 2012. Work to be performed in accordance with proposal dated 8/23/12; hereby referenced. Funding/Req. Number: 1  $19,596.66  0000027043 | 1.00 | ea | $19,596.6600 | $19,596.66 |

GRAND  TOTAL  $81,807.96

Accounting  and  Appropriation  Data


| ACRN | APPROPRIATION | REQUISITION NUMBER | AMOUNT |
|---|---|---|---|
| 1 | X0212-9121680000-25105-6100-UN-DEFAULT-00026— - | 0000027043 | $81,807.96 |

INTRODUCTION 


To  support  the  mission  of  FERC,  the  DCIO  will  be  investing  in  Data  Loss  Prevention  (DLP)  technology  to  support  business 
needs  and  enhance  the  Commission's  IT  security  capability.  In  addition  to  developing  continuous  monitoring  program 
strategies  to  facilitate  situational  awareness,  new  initiatives  at  the  Commission  such  as  telework,  cloud-based 
infrastructure,  and  location  independence  are  some  of  the  drivers  for  adding  DLP  technology  to  the  FERC's  IT  roadmap. 


1.  BACKGROUND 


FERC  will  need  to  invest  in  new  technology  for  Data  Loss  Prevention  (DLP)  in  FERC's  enterprise  networks,  and  prospective 
cloud-based  interface  networks.  As  technologies  are  advancing  or  being  invented  at  a  rapid  pace,  FERC  has  realized  a 
need  to  procure  the  services  of  a  technical  advisor  to  help  assess  business  objectives  in  relation  to  available  solutions  that 
are  designed  to  prevent,  detect  and  deter  data  loss  or  leakage,  and  minimize  the  potential  exposure  of  FERC's 
information  systems  from  damages  (i.e.,  loss  of  sensitive  or  confidential  information,  public  image,  and  critical  internal 
resources). 

2.  PURPOSE 


The  purpose  of  this  task  order  is  to  obtain  a  contractor  who  is  an  expert  in  IT  security  architecture  and  data  loss 
prevention.  The  contractor  will  be  responsible  for  reviewing  and  understanding  FERC's  current  enterprise  architecture 
and  operating  environment,  and  recommending  data  loss  prevention  (DLP)  solution(s).  FERC  employees  and  contractors
operate  with  sensitive  legal  data  and  Critical  Energy  Infrastructure  Information  (CEII).  This  includes  Personally 
Identifiable  Information  (PII),  sensitive  information,  Non-public  Personal  Information  (NPI)  and  other  datasets  pertaining 
to  data  privacy  and  protection  regulations  and  laws.  As  a  regulatory  body,  the  FERC's  mission  also  includes  case 
management,  with  some  cases  containing  up  to  100,000  sensitive  documents.    Additionally,  FERC  has  a  requirement 
that  a  DLP  solution  work  in  conjunction  with  cloud-based  email  and  document  collaboration  environments,  including 
Google  Apps,  Google  Message  Security  (GMS),  and  Google  Message  Discovery  (GMD).

3.  OBJECTIVE/APPROACH/TASKS


The  Contractor  shall  provide  professional,  administrative,  and  technical  services  in  support  of  the  preparation  and  delivery 
of  the  analysis  and  assessment.  The  contractor  shall  complete  the  following  task  and  document: 

1.  DLP  Solutions  Recommendation 

The  contractor  shall  recommend  DLP  solutions  that  support  the  FERC  current  enterprise  architecture,  which  includes  a 
cloud-based  Email  and  Document  Classification  Software  to  support  legal,  compliance  and  information  sharing 
requirements.  A  document  detailing  the  recommended  solutions  shall  include,  but  is  not  limited  to  the  following: 

1.  DLP  Solutions  Features 

2.  Data  At  Rest 

3.  Data  In  Transit 

4.  Data  Loss  Prevention  Notification  and  Reporting  System 

5.  Effective  and  Accurate  Detection  and  Reports  on  Attempted  Breaches  involving  unauthorized  Data 

6.  Interoperability  with  desktop  email  scanning  modules  and  components 

7.  Prevention  of  emails  from  being  sent  to  unauthorized  recipients 

8.  Supporting  of  classification  of  inbound  and  outbound  emails  that  may  be  sent  to  or  from  the  enterprise  with  data 
classification  information 

9.  Detailed  and  Accurate  Reporting,  Notification  Features,  and  Prevention  Options 

10.  Monitoring  and  Traceability  Features 

11.  Traceable  Evidence  for  Digital  Forensics 

12.  Regulatory  Compliance  -  Multiple  Compliances  -  Global  Compliance:  Critical  Infrastructure  Information  (CII);
Critical  Energy  Infrastructure  Information  (CEII);  NIST  800-53A,  Rev.  3;  NIST  800-60;  NIST  SP  800-34;
FISMA,  OMB  M-06-16,  and  M-07-16,  FIPS  140-2  encryption  for  all  sensitive  data  within  the  DLP  system,  Data
Protection  and  Privacy;  US-EU,  Safe  Harbor,  ISO  27001/2;  Industry  Standards  and  Best  Practices  for  DLP

13.  Multiple  Systems  -  File  integrity,  protocols,  nodes,  network,  applications,  databases,  Meta  Data  Management
(MDM),  SOA

14.  Industry  and  Global  Best  Practices  for  Security  for  Data  Loss  or  Leak  Prevention  and  Data  Protection  and  Privacy 

15.  Able  to  Encrypt  Multiple  File  Types:  .doc,  .rtf,  .xls,  .pdf,  etc.

16.  DELIVERABLES


The  Contractor  shall  provide  an  assessment  in  a  report  that  captures  all  elements  identified  in  section  4  of  this  SOW.
Included  in  this  deliverable  are  recommendations  for  potential  DLP  solutions  that  fit  FERC's  architecture  and  mission 
requirements.  The  Contractor  shall  also  provide  a  roadmap  that  FERC  could  follow  to  successfully  implement  a  DLP 
solution. 


The  Assessment  Deliverables  shall  include: 

1.  Kick-off  meeting

2.  Project  Schedule 

3.  Status  Meetings 

1.   Provide  meeting  minutes  for  all  meetings 
1.   Conduct  discovery  sessions  as  required  to  clarify  technical  and  business  process  questions
2.   Provide  draft  and  final  recommendations  document  on  specific  DLP  solutions  that  could  be  integrated  with  FERC's 
current  architecture  and  operational  environment.  The  recommendation  shall  include: 

1.  Defined  Options  for  hardware,  software  and  services 

2.  Timelines  for  each  option  if  significant  differences  exist  between  options 

3.  Cost  estimates  that  include  details  for  recommended  hardware,  software,  and  services  and  that  list  the  cost  to
implement  and  to  maintain


4.        SCHEDULE  OF  DELIVERABLES 


The  following  schedule  of  milestones  will  be  used  to  monitor  timely  progress  on  the  task  order.  In  this  schedule  FERC  will 
designate  "Date  of  Award".  The  number  of  days  referenced  below  is  in  calendar  days  unless  otherwise  noted. 


| Milestone/Deliverable | Planned Completion/Due Date |
|---|---|
| Kick-off Meeting | 5 calendar days after award |
| Project Schedule | 5 calendar days after award |
| Status Reports | To be determined/per need basis |
| Complete Assessment and Supporting Documentation | 30 calendar days after award |

Federal  Energy  Regulatory  Commission  BLANKET  PURCHASE  AGREEMENT


SECTION  B  -  GENERAL  TERMS 


B.1  FSS-BPA  TERMS  AND  CONDITIONS

This  order  is  subject  to  the  terms  referenced  in  BPA  FERC-12-A-0455  and  the  General  Services  Administration  (GSA) 
Federal  Supply  Schedule  Contract  #  GS35F0306J. 

CONTRACTING  OFFICER  REPRESENTATIVE  (COR)  LEVEL  I  APPOINTMENT 


Salma  Mack  has  been  appointed  as  the  Contracting  Officer's  Representative  (COR)  Level  I  for  this  Contract  with 
responsibility  for  technical  oversight,  contract  administration  and  day-to-day  inspection  of  the  work.  The  appointment  will 
be  in  effect  until  final  completion  of  the  project,  or  when  terminated  or  superseded  by  the  Contracting  Officer.  The  COR  will 
accomplish  inspection  and  acceptance,  including  final  delivery.  Services  shall  conform  to  the  requirements  set  forth  in  the 
contract. 

Salma  Mack 

Federal  Energy  Regulatory  Commission 
888  First  Street,  NE  Washington,  DC  20426 
202-502-6395 
salma.mack@ferc.gov